- From: philomathic_life via GitHub <sysbot+gh@w3.org>
- Date: Wed, 07 Aug 2024 15:17:49 +0000
- To: public-webauthn@w3.org
Serialization requires `crossOrigin`, so the conditional "if" is not needed: If _C_.[`crossOrigin`](https://w3c.github.io/webauthn/#dom-collectedclientdata-crossorigin) is set to `true`, verify that the [Relying Party](https://w3c.github.io/webauthn/#relying-party) expects that this credential would have been created within an iframe that is not [same-origin with its ancestors](https://w3c.github.io/webappsec-credential-management/#same-origin-with-its-ancestors). Related, should `topOrigin` validation be a sub-step since it should not never be set when `crossOrigin` is `false`? -- GitHub Notification of comment by zacknewman Please view or discuss this issue at https://github.com/w3c/webauthn/issues/2113#issuecomment-2273722313 using your GitHub account -- Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Wednesday, 7 August 2024 15:17:49 UTC